==Phrack Inc.== Volume Four, Issue Forty-One, File 11 of 13 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue 41 / Part 1 of 3 PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Reports of "Raid" on 2600 Washington Meeting November 9, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Barbara E. McMullen & John F. McMullen (Newsbytes) WASHINGTON, D.C. -- The publisher of a well-known hacker magazine claims a recent meeting attended by those interested in the issues his magazine raises was disrupted by threats of arrest by security and Arlington, Virginia police officers. Eric Corley, also known as "Emmanuel Goldstein," editor and publisher of "2600 Magazine: The Hacker Quarterly," told Newsbytes that the meeting was held November 6th at the Pentagon City Mall outside Washington, DC was disrupted and material was confiscated in the raid. 2600 Magazine promotes monthly meetings of hackers, press, and other interested parties throughout the country. The meetings are held in public locations on the first Friday evening of the month and the groups often contact each other by telephone during the meetings. Corley told Newsbytes that meetings were held that evening in New York, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San Francisco. Corley said, "While I am sure that meetings have been observed by law enforcement agencies, this is the only time that we have been harassed. It is definitely a freedom of speech issue." According to Craig Neidorf, who was present at the meeting and was distributing applications for membership in Computer Professionals For Social Responsibility (CPSR), "I saw the security officers focusing on us. Then they started to come toward us from a number of directions under what seemed to be the direction of a person with a walkie-talkie on a balcony. When they approached, I left the group and observed the security personnel encircling the group of about 30 gatherers. The group was mainly composed of high school and college students. The guards demanded to search the knapsacks and bags of the gatherers. They confiscated material, including CPSR applications, a copy of Mondo 2000 (a magazine), and other material." He adds that the guards also confiscated film "from a person trying to take pictures of the guards. When a hacker called "HackRat" attempted to copy down the names of the guards, they took his pencil and paper." Neidorf continued, "I left to go outside and rejoined the group when they were ejected from the mall. The guards continued challenging the group and told them that they would be arrested if they returned. When one of the people began to take pictures of the guards, the apparent supervisor became excited and threatening but did not confiscate the film." Neidorf also said, "I think that the raid was planned. They hit right about 6:00 and they identified our group as "hackers" and said that they knew that this group met every month." Neidorf's story was supported by a Washington "hacker" called "Inhuman," who told Newsbytes, "I arrived at the meeting late and saw the group being detained by the guards. I walked along with the group as they were being ushered out and when I asked a person who seemed to be in authority his name, he pointed at a badge with his name written in script on it. I couldn't make out the name and, when I mentioned that to the person, he said 'If you can't read it, too bad.' I did read his name, 'C. Thomas,' from another badge." Inhuman also told Newsbytes that he was told by a number of people that the guards said that they were "acting on behalf of the Secret Service." He added, "I was also told that there were two police officers from the Arlington County Police present but I did not see them." Another attendee, Doug Luce, reports, "I also got to the DC meeting very late; 7:45 or so. It seemed like a coordinated harassment episode, not geared toward busting anyone, but designed to get people riled up, and maybe not come back to the mall." Luce adds that he overheard a conversation between someone who had brought a keyboard to sell. The person, he said, was harassed by security forces, one of whom said, "You aren't selling anything in my mall without a vendors permit!" Possible Secret Service involvement was supported by a 19 year-old college student known as the "Lithium Bandit," who told Newsbytes, "I got to the mall about 6:15 and saw the group being detained by approximately 5 Arlington County police and 5 security guards. When I walked over to see what was going on, a security guard asked me for an ID and I refused to show it, saying that I was about to leave. The guard said that I couldn't leave and told me that I had to see a police officer. When I did, the officer demanded ID and, when I once again refused, he informed me that I could be detained for up to 10 hours for refusing to produce identification. I gave in and produced my school ID which the police gave to the security people who copied down my name and social security number." Lithium Bandit continued, "When I asked the police what was behind this action, I was told that they couldn't answer but that 'the Secret Service is involved and we are within our rights doing this." The boy says he and others later went to the Arlington police station to get more information and were told only that there was a report of the use of a stolen credit card and two officers were sent to investigate. "They later admitted that it was 5 (officers). While I was detained, I heard no mention of a credit card and there was no one arrested." Marc Rotenberg, director of CPSR's Washington office, told Newsbytes, "I have really no details on the incident yet, but I am very concerned about the reports. Confiscation of CPSR applications, if true, is outrageous. I will find out more facts on Monday." Newsbytes was told by the Pentagon City Mall office that any information concerning the action would have to come from the director of security, Al Johnson, who was not available until Monday. The Arlington Country Police referred Newsbytes to a "press briefing recording" which had not been updated since the morning before the incident. Corley told Newsbytes, "There have been no reports of misbehavior by any of these people. They were obviously singled out because they were hackers. It's as if they were being singled out as an ethnic group. I admire the way the group responded -- in a courteous fashion. But it is inexcusable that it happened. I will be at the next Washington meeting to insure that it doesn't happen again." The manager of one of New York state's largest malls provided background information to Newsbytes on the rights of malls to police those on mall property, saying, "The primary purpose of a mall is to sell. The interior of the mall is private property and is subject to the regulations of the mall. The only requirement is that the regulations be enforced in an even-handed manner. I do not allow political activities in my mall so I could not make an exception for Democrats. We do allow community groups to meet but they must request space at least two weeks before the meeting and must have proper insurance. Our regulations also say that groups of more than 4 may not congregate in the mall." The spokeswoman added that mall security can ask for identification from those who violate regulations and that they may be barred from the mall for a period of 6 months. She added, "Some people feel that mall atriums and food courts are public space. They are not and the industry is united on this. If the malls were to receive tax benefits for the common space and public service in snow removal and the like, it could possibly be a public area but malls are taxed on the entire space and are totally private property, subject to their own regulations. If a group of 20 or more congregated in my mall, they would be asked to leave." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Confusion About Secret Service Role In 2600 Washington Raid November 7, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Barbara E. McMullen & John F. McMullen (Newsbytes) WASHINGTON, D.C.-- In the aftermath of an action on Friday, November 6th by members of the Pentagon City Mall Police and police from Arlington County, Virginia in which those attending a 2600 meeting at the mall were ordered from the premises, conflicting stories continue to appear. Attendees at the meeting have contended to Newsbytes that members of the mall police told them that they were "acting on behalf of the Secret Service." They also maintain that the mall police confiscated material from knapsacks and took film from someone attempting to photograph the action and a list of the names of security officers that one attendee was attempting to compile. Al Johnson, chief of security for the mall, denied these allegations to Newsbytes, saying "No one said that we were acting on behalf of the Secret Service. We were merely enforcing our regulations. While the group was not disruptive, it had pulled tables together and was having a meeting in our food court area. The food court is for people eating and is not for meetings. We therefore asked the people to leave." Johnson denied that security personnel took away any film or lists and further said "We did not confiscate any material. The group refused to own up to who owned material on the tables and in the vicinity so we collected it as lost material. If it turns out that anything did belong to any of those people, they are welcome to come in and, after making proper identification, take the material." In a conversation early on November 9th, Robert Rasor, Secret Service agent-in- charge of computer crime investigations, told Newsbytes that having mall security forces represent the Secret Service is not something that was done and, that to his knowledge, the Secret Service had no involvement with any Pentagon City mall actions on the previous Friday. A Newsbytes call to the Arlington County police was returned by a Detective Nuneville who said that her instructions were to refer all questions concerning the matter to agent David Adams of the Secret Service. She told Newsbytes that Adams would be providing all information concerning the involvement of both the Arlington Police and the Secret Service in the incident. Adams told Newsbytes "The mall police were not acting as agents for the Secret Service. Beyond that, I can not confirm or deny that there is an ongoing investigation." Adams also told Newsbytes that "While I cannot speak for the Arlington police, I understand that their involvement was due to an incident unrelated to the investigation." Marc Rotenberg, director of the Washington office of Computer Professionals for Social Responsibility (CPSR), told Newsbytes "CPSR has reason to believe that the detention of people at the Pentagon City Mall last Friday was undertaken at the behest of the Secret Service, which is a federal agency. If that is the case, then there was an illegal search of people at the mall. There was no warrant and no indication of probable illegal activity. This raises constitutional issues. We have undertaken the filing of a Freedom of Information Act (FOIA) request to determine the scope, involvement and purpose of the Secret Service in this action." 2600 meetings are held on the evening of the first Friday of each month in public places and malls in New York City, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San Francisco. They are promoted by 2600 Magazine: The Hacker Quarterly and are attended by a variety of persons interested in telecommunications and so-called "hacker issues". The New York meeting, the oldest of its kind, is regularly attended by Eric Corley a/k/a Emmanuel Goldstein, editor and publisher of 2600, hackers, journalists, corporate communications professionals and other interested parties. It is known to have been the subject of surveillance at various times by law enforcement agencies conducting investigations into allegations of computer crime. Corley told Newsbytes "While I'm sure that meetings have been observed by law enforcement agencies, this is the only time that we have been harassed. It's definitely a freedom of speech issue." Corley also that he plans to be at the December meeting in Washington "to insure that it doesn't happen again." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Conflicting Stories In 2600 Raid; CRSR Files FOIA November 11, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Barbara E. McMullen & John F. McMullen (Newsbytes) WASHINGTON, D.C. -- In the on-going investigation of possible Secret Service involvement in the Friday, November 6th ejection of attendees at a "2600 meeting" from the premises of the Pentagon City Mall, diametrically opposed statements have come from the same source. Al Johnson, chief of security for the Pentagon City Mall told Newsbytes on Monday, November 9th "No one said that we were acting on behalf of the Secret Service. We were merely enforcing our regulations. While the group was not disruptive, it had pulled tables together and was having a meeting in our food court area. The food court is for people eating and is not for meetings. We therefore asked the people to leave." On the same day, Johnson was quoted was quoted in a Communications Daily article by Brock Meeks as saying "As far as I'm concerned, we're out of this. The Secret Service, the FBI, they're the ones that ramrodded this whole thing." Newsbytes contacted Meeks to discuss the discrepancies in the stories and were informed that the conversation with Johnson had been taped and was available for review. The Newsbytes reporter listened to the tape (and reviewed a transcript). On the tape, Johnson was clearly heard to make the statement quoted by Meeks. He also said "maybe you outta call the Secret Service, they're handling this whole thing. We, we were just here", and, in response to a Meeks question about a Secret Service contact, "Ah.. you know, I don't have a contact person. These people were working on their own, undercover, we never got any names, but they definitely, we saw identification, they were here." Newsbytes contacted Johnson again on the morning of Wednesday, November 11 and asked him once again whether there was any Secret Service involvement in the action. Johnson said "No, I told you that they were not involved." When it was mentioned that there was a story in Communications Daily, quoting him to the contrary, Johnson said "I never told Meeks that. There was no Secret Service involvement" Informed of the possible existence of a tape quoting him to the contrary. Johnson said "Meeks taped me? He can't do that. I'll show him that I'm not fooling around. I'll have him arrested." Johnson also said "He asked me if the Secret Service was involved; I just told him that, if he thought they were, he should call them and ask them." Then Johnson again told Newsbytes that the incident was "just a mall problem. There were too many people congregating." [NOTE: Newsbytes stands by its accurate reporting of Johnson's statements. It also affirms that the story by Meeks accurately reflects the material taped during his interview] In a related matter, Marc Rotenberg, director of the Washington office of Computer Professionals For Social Responsibility (CPSR) has announced that CPSR has filed a Freedom of Information Act (FOIA) request with the Secret Service asking for information concerning Secret Service involvement in the incident. Rotenberg told Newsbytes that the Secret Service has 10 days to respond to the request. He also said that CPSR "is exploring other legal options in this matter." The Secret Service, in earlier conversations with Newsbytes, has denied that the mall security was working on its behalf. In the incident itself, a group attending the informal meeting was disbanded and, according to attendees, had property confiscated. They also contend that security guards took film from someone photographing the confiscation as well as a list that someone was making of the guard's names. In his November 9th conversation with Newsbytes, Johnson denied that security personnel took away any film or lists and further said "We did not confiscate any material. The group refused to own up to who owned material on the tables and in the vicinity so we collected it as lost material. If it turns out that anything did belong to any of those people, they are welcome to come in and, after making proper identification, take the material." 2600 meetings are promoted by 2600 Magazine: The Hacker Quarterly and are held on the evening of the first Friday of each month in public places and malls in New York City, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San Francisco. They are regularly attended by a variety of persons interested in telecommunications and so-called "hacker issues". _______________________________________________________________________________ Secret Service Grabs Computers In College Raid December 17, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joe Abernathy (The Houston Chronicle)(Page A37) The Secret Service has raided a dorm room at Texas Tech University, seizing the computers of two Houston-area students who allegedly used an international computer network to steal computer software. Agents refused to release the names of the two area men and a third man, a former Tech student from Austin, who were not arrested in the late-morning raid Monday at the university in Lubbock. Their cases will be presented to a grand jury in January. The three, in their early 20s, are expected to be charged with computer crime, interstate transport of stolen property and copyright infringements. "The university detected it," said Agent R. David Freriks of the Secret Service office in Dallas, which handled the case. He said Texas Tech computer system operators noticed personal credit information mixed in with the software mysteriously filling up their data storage devices. The former student admitted pirating at least $6,000 worth of games and programs this summer, Freriks said. The raid is the first to fall under a much broader felony definition of computer software piracy that could affect many Americans. Agents allege the three used the Internet computer network, which connects up to 15 million people in more than 40 nations, to make contacts with whom they could trade pirated software. The software was transferred over the network, into Texas Tech's computers and eventually into their personal computers. The Software Publishers Association, a software industry group chartered to fight piracy, contends the industry lost $1.2 billion in sales in 1991 to pirates. Although these figures are widely questioned for their accuracy, piracy is widespread among Houston's 450-plus computer bulletin boards, and even more so on the global Internet. "There are a lot of underground sites on the Internet run by university system administrators, and they have tons of pirated software available to download -- gigabytes of software," said Scott Chasin, a former computer hacker who is now a computer security consultant. Freriks said the investigation falls under a revision of the copyright laws that allows felony charges to be brought against anyone who trades more than 10 pieces of copyrighted software -- a threshold that would cover many millions of Americans who may trade copies of computer programs with their friends. "The ink is barely dry on the amendment, and you've already got law enforcement in there, guns blazing, because somebody's got a dozen copies of stolen software," said Marc Rotenberg, director of Computer Professionals for Social Responsibility, in Washington. "That was a bad provision when it was passed, and was considered bad for precisely this reason, giving a justification for over-reaching by law enforcement." Freriks said the raid also involved one of the first uses of an expanded right to confiscate computers used in crime. "Our biggest complaint has been that you catch 'em and slap 'em on the wrist, and then give the smoking gun back," he said. "So they've changed the law so that we now have forfeiture authority." The Secret Service already has been under fire for what is seen by civil libertarians as an overly casual use of such authority, which many believe has mutated from an investigative tool into a de facto punishment without adequate court supervision. _______________________________________________________________________________ Hacker Taps Into Freeway Call Box -- 11,733 Times October 23, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Jeffrey A. Perlman (Los Angeles Times)(Page A3) SANTA ANA, CA -- An enterprising hacker reached out and touched someone 11,733 times in August -- from a freeway emergency call box in Orange County. A computer that monitors the county's emergency call boxes attributed 25,875 minutes of calls to the mysterious caller who telephoned people in countries across the globe, according to a staff report prepared for the Orange County Transportation Authority. "This is well over the average of roughly 10 calls per call box," the report noted. About 1,150 bright yellow call boxes have been placed along Orange County's freeways to connect stranded motorists to the California Highway Patrol. But the caller charged all his calls to a single box on the shoulder of the Orange (57) Freeway. The hacker apparently matched the individual electronic serial number for the call box to its telephone number. It took an investigation by the transit authority, and three cellular communications firms to unravel the mystery, the report stated. Officials with the transit authority's emergency call box program were not available to comment on the cost of the phone calls or to say how they would be paid. But the report assured that "action has been taken to correct this problem. It should be noted that this is the first incident of this type in the five-year history of the program." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ring May Be Responsible For Freeway Call Box Scam October 24, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Jodi Wilgoren (Los Angeles Times)(Page B4) "Officials Believe A Hacker Sold Information to Others; LA Cellular Will Pay For The Excess Calls." COSTA MESA, CA -- As soon as he saw the August bill for Orange County's freeway call boxes, analyst Dana McClure guessed something was awry. There are typically about 12,000 calls a month from the 1,150 yellow boxes that dot the county's freeways. But in August, there were nearly that many registered to a single box on the Orange Freeway a half-mile north of Lambert Road in Brea. "This one stood out, like 'Whoa!'" said McClure, who analyzes the monthly computer billing tapes for the Orange County Transportation Authority. "It kicked out as an error because the number of minutes was so far over what it is supposed to be." With help from experts at LA Cellular, which provides the telephone service for the boxes, and GTE Cellular, which maintains the phones, McClure and OCTA officials determined that the calls -- 11,733 of them totaling 25,875 minutes for a charge of about $1,600 -- were made because the hacker learned the code and telephone number for the call boxes. Because of the number of calls in just one month's time, officials believe there are many culprits, perhaps a ring of people who bought the numbers from the person who cracked the system. You'd have to talk day and night for 17 or 18 days to do that; it'd be fantastic to be able to make that many calls," said Lee Johnson of GTE Cellular. As with all cases in which customers prove they did not make the calls on their bills, LA Cellular will pick up the tab, company spokeswoman Gail Pomerantz said. Despite the amount of time involved, the bill was only $1,600, according to OCTA spokeswoman Elaine Beno, because the county gets a special emergency service rate for the call box lines. The OCTA will not spend time and money investigating who made the calls; however, it has adjusted the system to prevent further fraud. Jim Goode of LA Cellular said such abuses are rare among cellular subscribers, and that such have never before been tracked to freeway call boxes. The call boxes contain solar cellular phones programmed to dial directly to the California Highway Patrol or a to a GTE Cellular maintenance line. The calls on the August bill included 800 numbers and 411 information calls and hundreds of calls to financial firms in New York, Chicago and Los Angeles. That calls were placed to these outside lines indicates that the intruders made the connections from another cellular phone rather than from the call box itself. Each cellular phone is assigned a seven-digit Mobile Identification Number that functions like a phone number, and a 10- or 11-digit Electronic Service Number unique to that particular phone (similar to the vehicle identification number assigned every automobile). By reprogramming another cellular phone with the MIN and ESN of the call box phone, a hacker could charge all sorts of calls to the OCTA. "That's not legally allowable, and it's not an easy thing to do," McClure said, explaining that the numbers are kept secret and that reprogramming a cellular phone could wreck it. "Most people don't know how to do that, but there are some." Everyone involved with the call box system is confident that the problem has been solved, but officials are mum as to how they blocked potential cellular banditry. "I don't think we can tell you what we did to fix it because we don't want it to happen again," Beno said with a laugh. _______________________________________________________________________________ FBI Probes Possible Boeing Computer Hacker November 6, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from Reuters SEATTLE -- Federal authorities said Friday they were investigating the possibility that a hacker had breached security and invaded a Unix-based computer system at the aerospace giant Boeing Co. The Federal Bureau of Investigation confirmed the probe after a Seattle radio station reported it received a facsimile of a Boeing memorandum warning employees the security of one of its computer networks may have been violated. The memo, which had been sent from inside Boeing, said passwords may have been compromised, a reporter for the KIRO station told Reuters. KIRO declined to release a copy of the memorandum or to further identify its source. The memorandum said the problem involved computers using Unix, the open-ended operating system used often in engineering work. Sherry Nebel, a spokeswoman at Boeing's corporate headquarters, declined comment on the memorandum or the alleged breach of security and referred all calls to the FBI. An FBI spokesman said the agency was in touch with the company and would discuss with it possible breaches of federal law. No information was immediately available on what type of computer systems may have been violated at Boeing, the world's largest commercial aircraft manufacturer. The company, in addition, acts as a defense contractor and its business includes work on the B-2 stealth bomber, NASA's space station and the "Star Wars" project. Boeing is a major user of computer technology and runs a computer services group valued at $1 billion. Much of the company's engineering work is conducted using computer -aided design (CAD) capabilities. Boeing currently is pioneering a computerized technique which uses 2,000 computer terminals to design its new 777 twinjet. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FBI Expands Boeing Computer Hacker Probe November 9, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Samuel Perry (Reuters) SEATTLE -- Federal authorities expanded their investigation of a computer hacker or hackers suspected of having invaded a computer system at aerospace giant and defense contractor Boeing Co. FBI spokesman Dave Hill said the investigation was expanded after the agency discovered similar infiltrations of computer records belonging to the U.S. District Court in Seattle and another government agency. "We're trying to determine if the same individuals are involved here," he said, adding more than one suspect may be involved and the purpose of the intrusion was unclear. "We don't think this was an espionage case," Hill said, adding federal agents were looking into violations of U.S. law barring breaking into a computer of federal interest, but that no government classified data was believed to be compromised. "I'm not sure what their motivation is," he told Reuters. The FBI confirmed the investigation after a Seattle radio station reported it received a facsimile of a Boeing memorandum warning employees that the security of one of its computer networks may have been violated. A news reporter at KIRO Radio, which declined to release the facsimile, said it was sent by someone within Boeing and that it said many passwords may have been compromised. Boeing's corporate headquarters has declined to comment on the matter, referring all calls to the FBI. The huge aerospace company, which is the world's largest maker of commercial jetliners, relies heavily on computer processing to design and manufacture its products. Its data processing arm operates $1.6 billion of computer equipment. No information was disclosed on what system at Boeing had been compromised. But one computer industry official said it could include "applications involving some competitive situations in the aerospace industry. The company is a defense contractor or subcontractor on major U.S. military programs, such as the B-2 stealth bomber, the advanced tactical fighter, helicopters, the NASA space station and the "Star Wars" missile defense system. Recently, Boeing has pioneered the unprecedented use of computer-aided design capabilities in engineering its new 777 twinjet. The design of the 777 is now mostly complete as Boeing prepares for final assembly beginning next year. That system, which uses three-dimensional graphics to replace a draftsman's pencil and paper, includes 2,000 terminals that can tap into data from around the world. _______________________________________________________________________________ Hacker Breaches NOAA Net August 3, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~ by Kevin Power (Government Computer News)(Page 10) As a recent breach of the National Oceanic and Atmospheric Administration's (NOAA) link to the Internet shows, the network not only benefits scientists but also attracts unwanted attention from hackers. NOAA officials said an intruder in May accessed the agency's TCP/IP network, seeking to obtain access to the Internet. The breach occurred on the National Weather Service headquarters' dial-in communications server in Silver Spring, Maryland, said Harold Whitt, a senior telecommunications engineer with NOAA. Cygnus Support, a Palo Alto, California, software company, alerted NOAA officials to the local area network security breach when Cygnus found that an outsider had accessed one of its servers from the NOAA modem pool and had attempted several long-distance phone calls. NOAA and Cygnus officials concluded that the perpetrator was searching for an Internet host, possibly to locate a games publisher, Whitt said. Fortunately, the hacker did no damage to NOAA's data files, he said. Whitt said intruders using a modem pool to tap into external networks are always a security concern. But organizations with Internet access seem to be hacker favorites, he said. "There's a lot of need for Internet security," Whitt said. "You have to make sure you monitor the usage of the TCP/IP network and the administration of the local host. It's a common problem, but in our case we're more vulnerable because of tremendous Internet access," Whitt said. Whitt said NOAA's first response was to terminate all dial-in services temporarily and change all the numbers. Whitt said he also considered installing a caller-identification device for the new lines. But the phone companies have limited capabilities to investigate random incidents, he said. "It's very difficult to isolate problems at the protocol level," Whitt said. "We targeted the calls geographically to the Midwest. "But once you get into the Internet and have an understanding of TCP/IP, you can just about go anywhere," Whitt said. NOAA, a Commerce Department agency, has since instituted stronger password controls and installed a commercial dial-back security system, Defender from Digital Pathways Inc. of Mountain View, California. Whitt said the new system requires users to undergo password validation at dial time and calls back users to synchronize modems and log calls. Despite these corrective measures, Reed Phillips, Commerce's IRM director, said the NOAA incident underlies the axiom that networks always should be considered insecure. At the recent annual conference of the Federation of Government Information Processing Councils in New Orleans, Phillips said the government is struggling to transmit more information electronically and still maintain control over the data. Phillips said agencies are plagued by user complacency, a lack of organizational control, viruses, LAN failures and increasing demands for electronic commerce. "I'm amazed that there are managers who believe their electronic-mail systems are secure," Phillps said. "We provide a great deal of security, but it can be interrupted. "Security always gets hits hard in the budget. But the good news is vendors recognize our needs and are coming out with cheaper security tools," Phillips said. Phillips said the NOAA attack shows that agencies must safeguard a network's physical points because LANs present more security problems than centralized systems. "The perpetrator can dial in via a modem using the common services provided by the telephone company, and the perpetrator risks no personal physical harm. By gaining access to a single system on the network the perpetrator is then able to propagate his access rights to multiple systems on the network," Phillips said. "In many LAN environments a user need only log on the network once and all subsequent access is assumed to be authorized for the entire LAN. It then becomes virtually impossible for a network manager or security manager to track events of a perpetrator," he said. _______________________________________________________________________________ Hackers Scan Airwaves For Conversations August 17, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Mark Lewyn (The Washington Post)(Page A1) "Eavesdroppers Tap Into Private Calls." On the first day of the Soviet coup against Mikhail Gorbachev in August 1991, Vice President Quayle placed a call to Senator John C. Danforth (R-Mo.) and assessed the tense, unfolding drama. It turned out not to be a private conversation. At the time, Quayle was aboard a government jet, flying to Washington from California. As he passed over Amarillo, Texas his conversation, transmitted from the plane to Danforth's phone, was picked up by an eavesdropper using electronic "scanning" gear that searches the airwaves for radio or wireless telephone transmissions and then locks onto them. The conversation contained no state secrets -- the vice president observed that Gorbachev was all but irrelevant and Boris Yeltsin had become the man to watch. But it remains a prized catch among the many conversations overhead over many years by one of a steadily growing fraternity of amateur electronics eavesdroppers who listen in on all sorts of over-the-air transmissions, ranging from Air Force One communications to cordless car-phone talk. One such snoop overheard a March 1990 call placed by Peter Lynch, a well-known mutual fund executive in Boston, discussing his forthcoming resignation, an event that later startled financial circles. Another electronic listener overheard the chairman of Popeye's Fried Chicken disclose plans for a 1988 takeover bid for rival Church's Fried Chicken. Calls by President Bush and a number of Cabinet officers have been intercepted. The recordings of car-phone calls made by Virginia Governor L. Douglas Wilder (D), intercepted by a Virginia Beach restaurant owner and shared with Senator Charles S. Robb (D-Va.), became a cause ce'le'bre in Virginia politics. Any uncoded call that travels via airwaves, rather than wire, can be picked up, thus the possibilities have multiplied steadily with the growth of cellular phones in cars and cordless phones in homes and offices. About 41 percent of U.S. households have cordless phones and the number is expected to grow by nearly 16 million this year, according to the Washington-based Electronics Industry Association. There are 7.5 million cellular phone subscribers, a technology that passes phone calls over the air through a city from one transmission "cell" to the next. About 1,500 commercial airliners now have air-to-ground phones -- roughly half the U.S. fleet. So fast-growing is this new form of electronic hacking that it has its own magazines, such as Monitoring Times. "The bulk of the people doing this aren't doing it maliciously," said the magazine's editor, Robert Grove, who said he has been questioned several times by federal agents, curious about hackers' monitoring activities. But some experts fear the potential for mischief. The threat to business from electronic eavesdropping is "substantial," said Thomas S. Birney III, president of Cellular Security Group, a Massachusetts-based consulting group. Air Force One and other military and government aircraft have secure satellite phone links for sensitive conversations with the ground, but because these are expensive to use and sometimes not operating, some calls travel over open frequencies. Specific frequencies, such as those used by the president's plane, are publicly available and are often listed in "scanners" publications and computer bulletin boards. Bush, for example, was accidentally overheard by a newspaper reporter in 1990 while talking about the buildup prior to the Persian Gulf War with Senator Robert Byrd (D-W.Va.). The reporter, from the Daily Times in Gloucester, Massachusetts quickly began taking notes and the next day, quoted Bush in his story under the headline, "Bush Graces City Airspace." The vice president's chief of staff, William Kristol, was overheard castigating one staff aide as a "jerk" for trying to reach him at home. Some eavesdroppers may be stepping over the legal line, particularly if they tape record such conversations. The Electronic Communications Privacy Act prohibits intentional monitoring, taping or distribution of the content of most electronic, wire or private oral communications. Cellular phone calls are explicitly protected under this act. Local laws often also prohibit such activity. However, some lawyers said that under federal law, it is legal to intercept cordless telephone conversations as well as conversations on an open radio channel. The government rarely prosecutes such cases because such eavesdroppers are difficult to catch. Not only that, it is hard to win convictions against "listening Toms," lawyers said, because prosecutors must prove the eavesdropping was intentional. "Unless they prove intent they are not going to win," said Frank Terranella, general counsel for the Association of North American Radio Clubs in Clifton, New Jersey. "It's a very tough prosecution for them." To help curb eavesdropping, the House has passed a measure sponsored by Rep. Edward J. Markey (D-Mass.), chairman of the House telecommunications and finance subcommittee, that would require the Federal Communications Commission to outlaw any scanner that could receive cellular frequencies. The bill has been sent to the Senate. But there are about 10 million scanners in use, industry experts report, and this year sales of scanners and related equipment such as antennas will top $100 million. Dedicated scanners, who collect the phone calls of high-ranking government officials the way kids collect baseball cards, assemble basements full of electronic gear. In one sense, the electronic eavesdroppers are advanced versions of the ambulance chasers who monitor police and fire calls with simpler scanning equipment and then race to the scene of blazes and accidents for a close look. But they also have kinship with the computer hackers who toil at breaking into complex computer systems and rummaging around other's files and software programs. One New England eavesdropper has four scanners, each one connected to its own computer, with a variety of frequencies programmed. When a conversation appears on a pre-selected frequency, a computer automatically locks in on the frequency to capture it. He also keeps a scanner in his car, for entertainment along the road. He justifies his avocation with a seemingly tortured logic. "I'm not going out and stealing these signals," he said. "They're coming into my home, right through my windows." _______________________________________________________________________________ Why Cybercrooks Love Cellular December 21, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by William G. Flanagan and Brigid McMenamin (Forbes)(Page 189) Cellular phones provide cybercrooks with golden opportunities for telephone toll fraud, as many shocked cellular customers are discovering. For example, one US West Cellular customer in Albuquerque recently received a hefty telephone bill. Total: $20,000. Customers are not held responsible when their phone numbers are ripped off and misused. But you may be forced to have your cellular phone number changed. The cellular carriers are the big losers -- to the tune of an estimated $300 million per year in unauthorized calls. How do the crooks get the numbers? There are two common methods: cloning and tumbling. Each cellular phone has two numbers -- a mobile identification number (MIN) and an electronic serial number (ESN). Every time you make a call, the chip transmits both numbers to the local switching office for verification and billing. Cloning involves altering the microchip in another cellular phone so that both the MIN and ESN numbers match those stolen from a bona fide customer. The altering can be done with a personal computer. The MIN and ESN numbers are either purchased from insiders or plucked from the airwaves with a legal device, about the size of a textbook, that can be plugged into a vehicle's cigarette lighter receptacle. Cellular companies are starting to watch for suspicious calling patterns. But the cloning may not be detected until the customer gets his bill. The second method -- tumbling -- also involves using a personal computer to alter a microchip in a cellular phone so that its numbers change after every phone call. Tumbling doesn't require any signal plucking. It takes advantage of the fact that cellular companies allow "roaming" -- letting you make calls away from your home area. When you use a cellular phone far from your home base, it may take too long for the local switching office to verify your MIN and ESN numbers. So the first call usually goes through while the verification goes on. If the numbers are invalid, no more calls will be permitted by that office on that phone. In 1987 a California hacker figured out how to use his personal computer to reprogram the chip in a cellular phone. Authorities say one of his pals started selling altered chips and chipped-up phones. Other hackers figured out how to make the chips generate new, fake ESN numbers every time the cellular phone was used, thereby short-circuiting the verification process. By 1991 chipped-up, tumbling ESN phones were in use all over the U.S. The cellular carriers hope to scotch the problem of tumbling with instant verification. But that won't stop the clones. How do crooks cash in? Drug dealers buy (for up to $ 3,200) or lease (about $750 per day) cellular phones with altered chips. So do the "call-sell" crooks, who retail long distance calls to immigrants often for less than phone companies charge. That's why a victim will get bills for calls all over the world, but especially to Colombia, Bolivia and other drug-exporting countries.